AWS ECR in Google Kubernetes Engine?


Ajay S

May 8, 2018, 2:16:08 PM
to Kubernetes user discussion and Q&A
Hello All,

Can we use AWS ECR in GKE? I read somewhere that for pulling images from AWS ECR you need to assign some roles to the instance which I guess can't be assigned to Google Cloud Compute VMs. I tried it with Kubernetes secrets but every time it is failing.

If we can access AWS ECR from GKE, can someone direct me to some help pages?

Regards,
Ajay

Ahmet Alp Balkan

May 9, 2018, 12:23:11 AM
to kubernet...@googlegroups.com
What you're looking for is documentation from AWS explaining how to access ECR in headless mode with credentials that don't expire quickly (in 1 hour etc). I was not able to find such documentation with a quick search (for reference, the GCR equivalent of this is documented here).

It looks like this same question is asked here (but for minikube) and has some solutions: https://github.com/kubernetes/minikube/issues/366 

--
You received this message because you are subscribed to the Google Groups "Kubernetes user discussion and Q&A" group.
To unsubscribe from this group and stop receiving emails from it, send an email to kubernetes-use...@googlegroups.com.
To post to this group, send email to kubernet...@googlegroups.com.
Visit this group at https://groups.google.com/group/kubernetes-users.
For more options, visit https://groups.google.com/d/optout.

Naadir Jeewa

May 9, 2018, 12:45:26 AM
to kubernet...@googlegroups.com
Some of the stuff in that minikube thread is a bit out of date I think.

This should work:

Configure your Docker daemon (this will also work with CRI-O) to get ECR credentials using https://github.com/awslabs/amazon-ecr-credential-helper, configure an IAM user with appropriate access to your ECR registries, and place a shared credential file in /root/.aws/credentials. Then you can refer to ECR images in your pod specs as normal.

Naadir Jeewa | Platform Lead | The Scale Factory


Ahmet Alp Balkan

May 9, 2018, 5:29:52 PM
to kubernet...@googlegroups.com
The method suggested by Naadir will not work on GKE.

- Most of the node filesystem is not writable (read-only); this includes PATH directories.
- GKE nodes don't have individual setup (it may delete nodes during a scale down or a repair) so the new nodes will require the setup again.
- If I recall correctly, the VM startup script doesn't work on GKE either, you can't set up new nodes with this.

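Added example, not part of any post in this thread: the Kubernetes-secret route from the original question, built from an ECR authorization token, with the token's expiry recorded so the secret can be refreshed before it lapses. The response below is constructed sample data in the shape returned by `aws ecr get-authorization-token`; the account ID, region, password, secret name and the `example.com/ecr-token-expires` annotation are assumptions made for illustration.

```python
import base64
import json
from datetime import datetime, timedelta, timezone

# Constructed sample in the shape of `aws ecr get-authorization-token` output.
# Account ID, region and password are placeholders, not real values.
SAMPLE_RESPONSE = {
    "authorizationData": [{
        "authorizationToken": base64.b64encode(b"AWS:constructed-password").decode(),
        "expiresAt": 1525846568.0,  # epoch seconds
        "proxyEndpoint": "https://123456789012.dkr.ecr.us-east-1.amazonaws.com",
    }]
}
EXPIRY_ANNOTATION = "example.com/ecr-token-expires"  # hypothetical annotation key


def build_pull_secret(response, name="ecr-pull", namespace="default"):
    """Turn an ECR token response into a kubernetes.io/dockerconfigjson Secret."""
    data = response["authorizationData"][0]
    token = data["authorizationToken"]
    # The token is base64("AWS:<password>"); reject anything else early.
    user, sep, password = base64.b64decode(token).decode().partition(":")
    if user != "AWS" or not sep or not password:
        raise ValueError("unexpected ECR token format (expected 'AWS:<password>')")
    registry = data["proxyEndpoint"].split("://", 1)[-1]
    docker_config = {"auths": {registry: {
        "username": user, "password": password, "auth": token}}}
    expires = datetime.fromtimestamp(data["expiresAt"], tz=timezone.utc)
    return {
        "apiVersion": "v1",
        "kind": "Secret",
        "type": "kubernetes.io/dockerconfigjson",
        "metadata": {"name": name, "namespace": namespace,
                     "annotations": {EXPIRY_ANNOTATION: expires.isoformat()}},
        "data": {".dockerconfigjson":
                 base64.b64encode(json.dumps(docker_config).encode()).decode()},
    }


def needs_refresh(secret, now, margin=timedelta(minutes=30)):
    """True when the recorded token expiry falls within `margin` of `now`."""
    expires = datetime.fromisoformat(secret["metadata"]["annotations"][EXPIRY_ANNOTATION])
    return now + margin >= expires


if __name__ == "__main__":
    # JSON manifests are accepted by `kubectl apply -f -`.
    print(json.dumps(build_pull_secret(SAMPLE_RESPONSE), indent=2))
```

Pods reference the resulting secret through `imagePullSecrets`. Whatever re-runs this on a schedule holds the AWS credentials, so that identity should have read-only access to the repositories and nothing else.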